IT Security News Blast 7-10-2017

Potential file sharing and healthcare cloud security risks must be addressed in covered entities’ and business associates’ risk analyses, according to the latest OCR cybersecurity newsletter. These collaboration tools can greatly benefit organizations, but the possible privacy and security risks cannot be ignored. Risk management policies and business associate agreements (BAAs) should also review any file sharing or cloud computing options to ensure PHI security, OCR maintained.

“On execution, the known Petya samples delete themselves and perform a check to verify if this deletion is successful. If the file is still present, Petya will exit. This behavior can be turned into a protection mechanism of sorts. If you create a vaccine file: C:\Windows\perfc and set the permissions of the file to deny write permissions to everyone, including system administrators, infection can’t succeed as Petya will be unable to copy itself over.”

Accountability is the new watchword. If personal data gets stolen after a cyber-attack, companies have to report the breach within 72 hours of realising it. And the definition of personal data has been extended to include extra categories such as your computer’s IP address or your genetic make-up – anything that could be used to identify you. Non-compliance with the GDPR could lead to huge fines of 20 million euros or 4% of global turnover, whichever is the greater. For a company like tech giant Apple, that could amount to billions of dollars.

“It is too early to predict what the impact will be on the quarter-two, or potentially the quarter-three result.” The attack did not impact Maersk’s physical loading of goods, but disrupted data-reliant processes such as creating arrival notices and obtaining customs clearance – leading to congestion at some of its ports, including in the United States, India, Spain and the Netherlands.

A dozen plants were targeted, including the Wolf Creek Nuclear Operating Corporation, which runs a generating station in Burlington, Kansas. Senior intelligence and nuclear regulatory officials noted that the overwhelming majority of U.S. reactors operate on analog, not digital systems, making them less vulnerable to hacking attacks. “At most, the hackers might have been able to get the schedule for employee overtime,” one official said of the Wolf Creek incident.

Last night, the NYT had an alarming story reporting that suspected Russian spies were compromising engineers that work at nuclear power plants across the United States. Amber! the story screamed. […] And yet, in the fourth paragraph of the story, NYT admitted it’s not really clear what the penetrations involved. With that admission, the story also revealed that the computer networks in question were not the control systems that manage the plants.

Tillerson said the “framework” would deal with “how these tools are used to interfere with the internal affairs of countries, but also how the tools are used to threaten infrastructure, how these tools are used from a terrorism standpoint as well.” […] The announcement raised eyebrows of Russia experts worried that Putin may be taking advantage of Trump and that pursuing cooperation before deterrence for recent Russian attacks might send the wrong message.

Republican Senators Lindsey Graham, an influential South Carolina Republican who is a member of the Senate Armed Services Committee, and Marco Rubio of Florida, who opposed Trump for their party’s presidential nomination, blasted the idea. “It’s not the dumbest idea I have ever heard but it’s pretty close,” Graham told NBC’s “Meet the Press” program, saying that Trump’s apparent willingness to “forgive and forget” stiffened his resolve to pass legislation imposing sanctions on Russia. Rubio, on Twitter, said: “While reality & pragmatism requires that we engage Vladimir Putin, he will never be a trusted ally or a reliable constructive partner.”

Trump’s plan to work with Putin on cybersecurity makes no sense. Here’s why.

If the proposed cybersecurity unit were to work effectively, the United States would need to share extensive information with Russia on how U.S. officials defend elections against foreign tampering. The problem is, however, that information that is valuable for defending U.S. systems is, almost by definition, information that is valuable for attacking them, too. This is one reason U.S. officials have not previously proposed any far-reaching arrangement with Russia on cybersecurity. Providing such information would almost certainly give the Russians a map of vulnerabilities and insecurities in the system that they could then exploit for their own purposes.

The German statement added to the growing conviction among experts that the global attack was more harmful than initially believed. The virus took down thousands of computers in dozens of countries, disrupting shipping and businesses. German security officials are still investigating the origin of the virus and do not have reliable data to confirm a claim by the Ukrainian government that Russia was behind the attack.

Threat modeling doesn’t have to be rocket science. Most people already (consciously or subconsciously) threat model for the physical world around them—whether it’s changing the locks on the front door after a roommate moves out or checking window locks after a burglary in the neighborhood. The problem is that very few people pay any sort of regular attention to privacy and security risks online unless something bad has already happened.

Law enforcement agencies are acquiring and using surveillance technology, often without the knowledge of local government and the communities they represent. Learn about the technologies and the issues they present, and get recommendations on how to protect your civil liberties. They are watching. You should be, too.

Products such as Hacking Team’s Remote Control System and Gamma Group’s FinFisher allow governmental purchasers the ability to remotely and secretly access and monitor the computers and phones of their targets. Research published by Citizen Lab as well as other investigative groups has demonstrated that some governments and security services abuse these tools by hacking political opponents, human rights groups and journalists both within their own jurisdictions and abroad.

Self-driving Signal car is designed to protect journalists from cyber surveillance

The Signal car was designed by Peters as a “mobile meeting room” for journalists, as they face growing pressures and concerns about their security and privacy. Press freedom has been a hot topic this year following the inauguration of Trump, who banned journalists he didn’t like from his media room and recently appeared to condone attacks on reporters via a video he shared on Twitter. The US is currently ranked 43rd on the Press Freedom Index, where North Korea, Eritrea and Turkmenistan appear at the very bottom.

Ask a Security Expert: The Case For Cloud-Based Cybersecurity Solutions

Not only is conventional antivirus protection struggling to keep up with today’s attacks, but many traditional approaches also do not provide organizations with full visibility into the security of each endpoint. It is essential for MSPs to have visibility across all their customers’ networks and access to up-to-date intelligence on threats to their systems and endpoints of all types. The most effective approach to ensuring all endpoints have active antivirus protections is through cloud-based cybersecurity solutions.

The first attack is to gain root access to the Android device, which it’s able to accomplish over half the time. Once it roots the device, the malware injects code into Android’s Zygote service, which is the process that Android uses to launch apps. The Zygote attack allows the malware to download new apps silently, for which it’s paid a referral. In addition, the malware monitors user activity to get referrals for apps the user views in Google Play, for which it then also gets referral payments.

“I believe that the major nations in the cyber space can talk and must talk to each other … What is going on in cyber right now is unacceptable. Everyone hacks everyone,” he said in an interview with The Australian during a recent visit to Australia. “What is going on is very bad. There are no rules in this game. I think, I hope, that the major nations will talk to each other.”

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.